Security Now - 16k MP3

Steve Gibson, the man who coined the term spyware and created the first anti-spyware program, creator of SpinRite and ShieldsUP, discusses the hot topics in security today with Leo Laporte. Records live at https://twit.tv/live every Tuesday.
Website : https://twit.tv/shows/security-now
RSS Feed : http://rss-feeds.eu/feeds/SecurityNow-16k.xml
Last Episode : August 27, 2025 2:00am
Last Scanned : 5.4 hours ago

Episodes
Episodes currently hosted on IPFS.
SN1040: Clickjacking "Whac-A-Mole"
/ Germany may soon outlaw ad blockers. / What's happening in the courts over AI. / The U.K. drops its demands of Apple. / New Microsoft 365 tenants being throttled. / Is Russia preparing to block Google Meet. / Bluesky suspends its service in Mississippi. / How to throttle AI / A tricky SSH-busting Go library. / Here comes the Linux desktop malware. / Apple just patched a doozy of a vulnerability. / A trivial Docker escape was found and fixed. / Why the recent browser 0-day clickjacking is really just whac-a-mole.
Published 08/27
SN1039: The Sad Case of ScriptCase
/ What AI website summaries mean for Internet economics. / Time to urgently update Plex Servers (again). / Allianz Life stolen data gets leaked. / Chrome tests Incognito-mode fingerprint script blocking. / Chrome 140 additions coming in two weeks. / Data brokers hide opt-out pages from search engines. / Secure messaging changes in Russia. / NIST rolls out lightweight IoT crypto. / SyncThing moves to v2.0 and beyond. / Alien:Earth -- first take. / What can we learn from another critical vulnerability?
Published 08/20
SN1038: Perplexity's Duplicity
/ CISA's Emergency Directive to ALL Federal agencies re: SharePoint. / NVIDIA firmly says "no" to any embedded chip gimmicks. / Dashlane is terminating its (totally unusable) free tier. / Malicious repository libraries are becoming even more hostile. / The best web filter (uBlock Origin) comes to Safari. / The very popular SonicWall firewall is being compromised. / >100 models of Dell Latitude and Precision laptops are in danger. / The significant challenge of patching SharePoint (for example). / A quick look at my DNS Benchmark progress. / Does InControl prevent an important update? / A venerable Sci-Fi franchise may be getting a great new series. / What to do about the problem of AI "website sucking".
Published 08/13
SN1037: Chinese Participation in MAPP
/ A follow-up to the SharePoint server patch mess. / How Russia arranges to spy on other countries' local embassies. / "Dropbox Passwords" manager app is ending in October. / Signal will leave Australia rather than help spy. / YouTube deploys viewing history age-estimation heuristics. / Chrome adds clever lightweight extension signing to prevent abuse. / A domain registrar is coming close to losing its rights. / A TP-Link router that doesn't encrypt its configuration. / What is "TruAge" and might it be useful for age verification. / An update on "Artemis". / With U.S.-China tensions on the rise, should Chinese security companies receive weeks of advance notice of forthcoming Microsoft flaw patches?
Published 08/06
SN1036: Inside the SharePoint 0-day RCE
/ Brave randomizes its fingerprints. / The next Brave will block Microsoft Recall by default. / Clorox sues its IT provider for $380 million in damages. / 6-month Win10 ESU offers are beginning to appear. / Warfare has significantly become cyber. / Allianz Life loses control of 125 million customers' data. / The CIA's Acquisition Research Center website was hacked. / The Pentagon says the SharePoint RCE didn't get them. / A look at a DPRK "laptop farm" to impersonate Americans. / FIDO's passkey was NOT bypassed by a MITM after all. / Is our data safe anywhere? / The UK is trying to back-pedal out of the Apple ADP mess. / Meanwhile, the EU resumes its push for "Chat Control". / What happened after Microsoft fumbled the patch of a powerful Pwn2Own exploit?
Published 07/30
SN1035: Cloudflare's 1.1.1.1 Outage
/ Bypassing all passkey protections. / The ransomware attacks just keep on coming. / Cloudflare capitulates to the MPA and starts blocking. / The need for online age verification is exploding. / Microsoft really wants Exchange Servers to subscribe. / Russia (further) clamps down on Internet usage. / The global trend toward more Internet restrictions. / China can inspect locked Android phones. Use a burner. / Web shells are the new buffer overflow. / An age verification protocol sketch. / What Cloudflare did to create an outage of 1.1.1.1.
Published 07/23
SN1034: Introduction to Zero Knowledge Proofs
/ A glorious takedown of quantum factorization. / Notepad++ signs its own code signing certificate. / Dennis Taylor has Bobiverse Book 6 on his lap. / Crypto/ATM machines flat out outlawed. / Signal vs WhatsApp: Encryption in flight and at rest. / A close look at browser fingerprinting metrics. / Rewriting interpreters in memory-safe languages. / An introduction to zero-knowledge proofs.
Published 07/16
SN1033: Going on the Offensive
/ Another Israeli spyware vendor surfaces. / Win11 to delete restore points more quickly. / The EU accelerates its plans to abandon Microsoft Azure. / The EU sets timelines for Post-Quantum crypto adoption. / Russia to create a massive IMEI database. / Canada and the UK create the "Common Good Cyber Fund". / U.S. states crack down on Bitcoin ATMs amid growing scams. / Congressional staffers cannot use WhatsApp on gov devices. / LibXML2 and the problems with commercial use of OSS. / A(nother) remote code execution vulnerability in WinRAR. / Have-I-Been-Pwned gets a cool data visualization site. / How is ransomware getting in? / Windows to offer "safe" non-kernel endpoint security? / Proactive age verification coming to porn sites. How? / Canada (also) says "bye bye" to Hikvision. / Germany will be banning DeepSeek. The whole EU may follow. / Cloudflare throttled in Russia? / What must the U.S. do to compete in global exploit acquisition?
Published 07/09
SN1032: Pervasive Web Fingerprinting
/ Let's Encrypt drops its long-running email notifications. / Microsoft's new "Unexpected Restart Experience". / Microsoft's response to last year's massive CrowdStrike outage. / Windows 10's extended service updates will sort of be free. / Russia-sold iPhones MUST include the RuStore app. / Lyon, in France, says bye-bye to Windows. Hello to Linux. / The US Gov gets more serious about memory-safe languages. / A new unbelievable AI malware scanner evasion technique. / A new pair of Cisco 9.8 and 10.0 vulnerabilities. / The current state of post-Elon government cybersecurity. / PNGv3, Swift on Android, and the Samsung email purge. / Andy Weir's "Project Hail Mary" movie trailer. / And a close look at the pervasiveness of web browser tracking fingerprinting.
Published 07/02
SN1005: 6-Day Certificates? Why?
Is AI the Wizard of Oz? Or is it more? Microsoft's long-standing effective MFA login bypass. Is TPM 2.0 not required after all for Windows 11? Meet 14 North Korean IT workers who made $88 million from the West. Android updates its Bluetooth tracking with anti-tracking. The NPM package manager repository has had 540,000 malicious packages discovered hiding in plain sight. The AskWoody site remains alive, well, and terrific. My iPhone is linked to Windows and it's wonderful. Yay. How has email been finding logos before BIMI? If we use Him and Her for people, how about Hal for AI? Another very disturbing conversation with ChatGPT. What's going on with the new ChatGPT o1 model? It wants to escape? What?? Let's Encrypt plans to reduce its certificate lifetime from 90 to just 6 days. Why in the world?
Published 12/18/2024
SN998: The Endless Journey to IPv6
Apple proposes 45-day maximum certificate life. Please, no. :( SEC fines four companies for downplaying their SolarWinds attack severity. Google adds 5 new features to Messenger including inappropriate content. Does AI-driven local device-side filtering resolve the encryption dilemma forever? The very nice looking "Session" messenger leaves Australia for Switzerland. Another quick look at the question of the EU's software liability moves. Fake North Korean employees WERE found to install backdoor malware. How to speed up an SSD without using SpinRite. Using ChatGPT to review and suggest improvements in code. And Internet governance has been trying to move the Internet to IPv6 for the past 25 years, but the Internet just doesn't want to go. Why not? And will it ever?
Published 10/30/2024